Method and system for mobile IP nodes in heterogeneous networks

ABSTRACT

A recording medium including computer program instructions which cause a computer to execute a method of assigning IP addresses to mobile IP nodes in heterogeneous networks in which a home agent dynamically assigns a temporary IP care-of address to a static IP home address when the mobile node is moved in the heterogeneous networks, the dynamic care-of address indicating the topologically current network location of the mobile node and IP data packets having the IP home address of the mobile node as a destination address being redirected to the care-of address of the mobile node, including checking the mobile node for available physical network interfaces, generating a lookup table with the available and configurable physical network interfaces, linking to one of the available physical network interfaces, accessing the heterogeneous networks via a permanent virtual IP network interface generated in the mobile node, the generated permanent virtual IP network interface being linked to the current network, and including a generated virtual L3 layer and a generated virtual L2 layer and updating, during a change of the physical network interface of the mobile node, the link of the permanent virtual IP network interface to the network based on the lookup table.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to a method for mobile IP nodes in heterogeneous networks in which a home agent dynamically assigns a temporary IP care-of address to a static IP home address when the mobile node is moved in the heterogeneous networks, the dynamic care-of address indicating the topologically current network location of the mobile node and IP data packets having the IP home address of the mobile node as destination address being redirected to the care-of address of the mobile node. In particular, the invention relates to a method for mobile nodes in heterogeneous networks with real-time applications.

2. Description of the Related Art

In the last few years, the number of Internet users worldwide and thus the information offered there has increased exponentially. Although the Internet offers access to information worldwide, we normally have no access to it, however, until we have arrived at a particular network access point, such as e.g. an office, school, university or at home. The growing range of IP-capable mobile devices, such as e.g. PDAs, mobile radio telephones and laptops, is beginning to change our concept of the Internet. An analogous transition from fixed nodes in networks to flexible requirements through increased mobility has only just begun. In mobile telephony, for example, this tendency has also manifested itself inter alia in new standards such as WAP, GPRS or UMTS. To understand the difference between the current reality and the IP linking possibilities of the future, one can call to mind, as a comparison, the development of telephony in the direction of mobility in the last twenty years.

Mobile computer use must not be confused with computer use and network capability as we know them today. With mobile network use, an existing IP access to applications on the mobile node should not be interrupted when the user changes his location in the network. On the contrary, all changes of link and interface e.g. during a change into different networks (Ethernet, mobile radio network, WLAN, Bluetooth, etc.) should be able to take place automatically and not interactively, so that the user does not even need to know about them. This also applies to a change of interface e.g. during the use of real-time applications. Real mobile IP computing has many advantages based on a stable access to the Internet at all times. With such an access, work can be done freely and independently of a desk. The requirements for mobile nodes in networks differ in many ways, however, from the mentioned development in mobile radio technology. The end points in mobile radio communication are usually people. With mobile nodes, however, computer applications can carry out interactions between different network participants without any human assistance or intervention. Enough examples therefor are to be found in airplanes, on ships or in automobiles. Thus mobile computing in particular with Internet access together with other applications, such as e.g. in combination with position determining devices, such as the satellite-based GPS (Global Positioning System), can be useful.

One of the problems with mobile network access via Internet Protocol (IP) is that the IP used for routing the data packets from the source address to the destination address in the network uses so-called IP addresses (IP: Internet Protocol). These addresses are assigned to a fixed location in the network, similar to how the telephone numbers of the fixed network are assigned to a physical jack. When the destination address of the data packets is a mobile node this means that a new IP network address must be assigned with each change of network location, which makes impossible transparent, mobile access. These problems were solved by the mobile IP standard (IETF RFC 2002, October 1996) of the Internet Engineering Task Force (IETF) in that mobile IP allows the mobile node to use two IP addresses. One of these addresses is the normal, static IP address (home address), which indicates the location of the home network, whereas the second is a dynamic IP care-of address, which designates the current location of the mobile node in the network. The assignment of the two addresses allows the IP data packets to be rerouted to the correct, momentary address of the mobile node.

Not all the problems of mobile network use are solved with the mobile IP of the IETF, however. If, for instance, a user would like to switch between two different network interfaces while an IP application is running, the IP connection is interrupted at the moment when he leaves the old network link. This connection is interrupted at least until at the mobile node the new link to the network has been made and until the new location, i.e. the new care-of address, is known and has been registered at the so-called home agent. The home agent is normally a fixed network node, which administers the two addresses of the mobile node (home address and care-of address) and reroutes or routes the corresponding data packets. If the interruption time for the change exceeds the time-out delays specified e.g. in the TCP (Transfer Control Protocol) for dead times, the IP connection is interrupted of course anyway. Even when the interruption time lies within the time-out delays specified in the TCP, however, the IP applications are not able to maintain the connection if a physical network interface is not permanently available. Examples of this are the change of the network card in a mobile node (e.g. a portable PC) having only one available card plug-in for the physical network interfaces. In the case of such a change of physical network interface, the IP applications or respectively the kernel receive the message that no physical network device can be assigned any longer to the IP data tunnel, and cut off the connection. This leads to the IP applications having to be restarted normally after change of network card in order to be able to access a particular IP data tunnel. Another problem is that, on the side of the mobile node, the data packets get lost in downtime between the connections since no physical network device is assigned anymore. Not only does this result in a loss of data, but it also causes the transmission rate of the IP packets through the IP applications to be slowed down corresponding to the duration of the downtime. As soon as the new connection has been made, the transmission rate is increased, at first only step-by-step, however. This slows down the IP application unnecessarily with every change of interface or location.

Network interfaces are traditionally divided up into different layers. Of interest for the present invention are the lowermost layers. A distinction is made between layer 1 (L1), which corresponds to the physical network interface (e.g. the network interface card NIC), layer 2 (L2) at which an initial recognition and identification of the interface through software is made possible, and layer 3 (L3) as IP layer (IP: Internet Protocol), at which level the distinction between different IP network links for software applications of the system takes place as well as the connection of the IP applications to the IP network interface. Further layers can be defined above the L3, such as e.g. a TCP (Transfer Control Protocol) layer, etc. Different physical network interfaces can also have different L2. Thus a distinction is made between packet-switched and circuit-switched interfaces. Each node of a network, for example, normally has a packet-switched interface with an unambiguous network address, these network addresses being called Data Link Control (DLC) address or Media Access Control (MAC) address. In the case of networks which conform to the IEEE 802 standard (IEEE: Institute of Electrical and Electronics Engineers) (such as e.g. Ethernet), the DLC addresses are usually called MAC addresses. To be called a DLC address, an address must fulfill at least the OSI (OSI: Open System Interconnection) reference model of the ISO (International Organization for Standardization) standards. The OSI reference model defines a 7-layer framework for implementation of network protocols. In other words, a DLC address, or respectively a MAC address, is a hardware address that identifies the node or respectively the physical network interface unambiguously in the network. Some protocols, such as e.g. Ethernet or Token Ring, use the DLC/MAC address exclusively, i.e. they cannot communicate with the respective node without this address. A circuit-switched interface, on the other hand, has no such DLC or MAC address, i.e. thus also no corresponding identification DLCI (DLC Identifier). Examples of protocols using circuit-switched interfaces are inter alia PPP (Point to Point Protocol), SLIP (Serial Line Internet Protocol) or GPRS (Generalized Packet Radio Service).

One solution for the above-mentioned drawbacks of the state of the art is disclosed in the European patent publication EP 1 089 495 of the company Nortel Networks Limited. EP 1 089 495 shows a system and a method in which it is possible, under certain circumstances, to make a change of the physical interfaces without the active IP applications being interrupted on the computer or having to be restarted because their link to the original interface has been lost. Nortel proposes thereby a so-called Network Access Arbitrator (NAA). The NAA sees to it that the various MAC addresses of the individual configurable physical network interfaces are rerouted via a single fixed MAC address of the so-called primary NIC. The NAA connects the L2 layer of the available NICs in that it reroutes the data packets from the primary NIC to the corresponding MAC address of a further network interface (secondary NIC). No virtual interface is thereby generated, however, but instead the NAA reroutes the MAC address via the first interface with a MAC address of the primary NIC to another (virtual adapter driver). It is an intrinsic part of this prior art invention that for the NAA at least one physical interface with a MAC address must be permanently available since the NAA otherwise loses its function. This can be a drawback, however, in the case of mobile devices, such as laptops, etc., if they possess e.g. only one slot for insertion of a PCMCIA network card. If the one network card is removed in order to switch to another network technology (e.g. Ethernet with fixed network to wireless), the Nortel invention no longer works. The same applies if, by accident, the user removes the network interface (primary NIC) via which the NAA reroutes the further MAC addresses. A further disadvantage of the Nortel invention is that it is sensitive to the definition or the standard of the hardware-related network address of the network interface. If the address e.g. does not correspond to the IEEE 802 standard (MAC addresses) and if the new address standard has not been explicitly defined beforehand in the NAA, the NAA does not function with these interfaces since it can no longer reroute the MAC addresses. This makes the Nortel invention inflexible since new standards cannot be recognized dynamically. A disadvantage which is at least just as big also arises from the explicit use of the MAC addresses. Circuit-switched interfaces do not have any corresponding MAC or network addresses. Since the NAA is only able to register devices with MAC addresses in order to reroute the data packets, circuit-switched interfaces are not available to the NAA even though their connection to the IP layer should also be possible.

SUMMARY OF THE INVENTION

It is an object of this invention to propose a new method for mobile IP nodes in heterogeneous networks. In particular the switching from one network connection to another should be able to be carried out without interruption of the IP applications and make possible an uninterrupted continuation of the program course also with real-time applications, if applicable, without being dependent upon specific protocols or network technologies.

These objects are attained according to the present invention through the elements of the independent claims. Further preferred embodiments follow moreover from the dependent claims and from the description.

In particular, these objects are achieved through the invention in that a home agent dynamically assigns a temporary IP care-of address to a static IP home address when the mobile node is moved in the heterogeneous networks, the dynamic care-of address indicating the topologically current network location of the mobile node and IP data packets having the IP home address of the mobile node as destination address being rerouted to the care-of address of the mobile node, in that an interface administration module of the mobile node checks the mobile node for available physical network interfaces, draws up a lookup table with the available and configurable physical network interfaces, and links itself to one of the available physical network interfaces, in that one or more IP applications of the mobile node access the heterogeneous networks via a virtual IP network interface generated in the mobile node, the generated permanent virtual IP network interface comprising a generated virtual L3 layer and a generated virtual L2 layer and being linked to the current network via the interface administration module, and during a change of the physical network interface of the mobile node the link of the permanent virtual IP network interface to the network is updated based on the lookup table by means of the interface administration module. In particular, the change of the physical network interface can comprise a change within different networks, such as e.g. Ethernet, Bluetooth, mobile radio networks (GSM: Global System for Mobile Communication, UMTS: Universal Mobile Telephone System, etc.) or WLAN (Wireless Local Area Network), or also a topological location change within the same network, for example with direct link to the Ethernet. An advantage of the invention is that a change of connection or interface of the mobile node in the network does not lead to an interruption of the IP applications, but instead these applications continue to run without any assistance from the user since the virtual interface remains as the permanent interface with respect to the IP applications. In contrast to the state of the art, a genuine virtual network interface is generated on the L2/L3 layer with the solution proposed here, and not a rerouting of network addresses by means of an existing network address, e.g. a MAC address. This has the advantage that even with removal of all available physical network interfaces (NIC), an interruption of the running IP applications does not occur. Protocols such as Ethernet or Token Ring use the DLC addresses directly. The IP protocol (likewise of course in combination with TCP as TCP/IP), on the other hand, uses a logical address on its network layer level in order to identify a node of the network. These are translated into DLC addresses only in a lower layer. Since the present invention generates a virtual network interface directly after the IP layer, it has precisely the advantage that it is able to maintain the connection of the IP applications completely independently of changes in the lower layers (L2 layer/L1 layer). This relates not only to the mentioned case where all physical network interfaces (NIC) are removed. The present invention is also independent of the standard of the network addresses (e.g. MAC or DLC addresses) of the network interfaces used, and moreover can also handle the change between packet-switched and circuit-switched interfaces without any difficulty. In particular, should the standard be changed, this solution does not need to be adapted since it uses the logical address of the IP layer and not the hardware network addresses. Thus the access to a higher level of abstraction, i.e. of layers, has the advantage that one is independent of standards such as e.g. hardware addresses.

In an embodiment variant, the interface administration module checks the mobile node for available physical network interfaces periodically. This embodiment variant has the advantage that the lookup table is always kept in the most updated state and is immediately available. In particular, through the constant monitoring of the physical network interfaces and their features, changes can be made automatically, for instance, when physical network interfaces are available with better transmission options than the one momentarily active. As an embodiment variant, it is also possible to allow the criteria for automatic change of the physical interface to be determined by the user. This has the advantage that, among other things, the user is able to configure the virtual interface in a very individual way in keeping with his needs.

In an embodiment variant, the virtual interface changes and updates the physical interface automatically via the interface administration module based on information from the lookup table. As an embodiment variant, the change can also take place automatically based on criteria which can be set by the user. This has the advantage that, depending upon the defined criterion, the mobile node always automatically uses the physical interface with e.g. the greatest available data throughput at the moment or with the best cost/performance ratio.

In a further embodiment variant, the available physical network interfaces are dynamically configured. This has the advantage, among other things, that possibly available services such as e.g. a DHCP (Dynamic Host Configuration Protocol) service can be used and the handling is simplified for the user through the automation of the configuration.

In another embodiment variant, the available physical network interfaces are statically configured. This has the advantage, among other things, that the configuration of the network interfaces is controllable and easily comprehensible for the user.

With all the above-mentioned embodiment variants, it is also possible, in a supplementary embodiment variant, to buffer outgoing IP data packets in a data buffer of the mobile node in case the network connection of the mobile node is interrupted so that the output data rate of the one or more IP applications is maintained or is kept within a particular fluctuation tolerance. The advantage of this embodiment variant is inter alia that with a change of the physical interface the output data rate of an IP application can thus be kept constant or within a pre-given fluctuation tolerance as long as the storage capacity of the data buffer suffices for storing the outgoing data packets. This has once again the advantage that the IP data throughput rate is not brought down through the IP applications or the kernel during an interruption.

It should be stated here that, besides the method according to the invention, the present invention also relates to a system for carrying out the method.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiment variants of the present invention will be described in the following with reference to examples. The examples of the embodiments are illustrated by the following attached figures:

FIG. 1 shows a block diagram illustrating schematically a method and a system for mobile IP nodes in heterogeneous networks.

FIG. 2 shows a block diagram illustrating schematically mobile IP in a mobile node without virtual network interface according to the invention, the mobile node being located in the home network, i.e. in the network of the home address.

FIG. 3 shows a block diagram illustrating schematically mobile IP in a mobile node without virtual network interface according to the invention, the mobile node being located in a network other than its home network.

FIG. 4 shows a block diagram illustrating schematically mobile IP in a mobile node with a virtual network interface according to the invention, the mobile node being located in the home network, i.e. in the network of the home address.

FIG. 5 shows a block diagram illustrating schematically mobile IP in a mobile node with a virtual network interface according to the invention, the mobile node being located in a network other than its home network.

FIG. 6 shows a block diagram reproducing schematically a solution of the state of the art by means of the described NAA (Network Access Arbitrator).

FIGS. 7/8/9 each show a block diagram reproducing schematically a solution according to the invention by means of a virtual IP layer or respectively virtual IP device and making clear the difference to the state of the art according to FIG. 6.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 illustrates an architecture which can be used to achieve the invention. The reference numeral 10 in FIG. 1 refers to a mobile node having the necessary infrastructure, including hardware and software components and/or units, to achieve a described method and/or system according to the invention. To be understood as mobile nodes 10 are inter alia all possible so-called Customer Premise Equipment (CPE) intended for use at various network locations and/or in different networks. The mobile CPEs or nodes 10 possess one or more different physical network interfaces 14 to 17, which can also support a plurality of different network standards 21 to 24. The physical network interfaces 14 to 17 of the mobile node can comprise e.g. interfaces for Ethernet or for another wired LAN (Local Area Network), Bluetooth, GSM (Global System for Mobile Communication), GPRS (Generalized Packet Radio Service), USSD (Unstructured Supplementary Services Data), UMTS (Universal Mobile Telecommunications System) and/or WLAN (Wireless Local Area Network), etc. The reference numerals 21 to 24 accordingly stand for the various heterogeneous networks, such as e.g. a wired LAN 21, i.e. a local fixed network, in particular also the PSTN (Public Switched Telephone Network), etc., a Bluetooth network 22, e.g. for installations in covered-over localities, a mobile radio network 23 with GSM and/or UMTS, etc. or a wireless LAN. The interfaces 21 to 24 can be not only packet-switched interfaces, as used directly by network protocols such as e.g. Ethernet or Token Ring, but also circuit-switched interfaces which can be used by means of protocols such as e.g. PPP (Point-to-Point Protocol), SLIP (Serial Line Internet Protocol) or GPRS (Generalized Packet Radio Service), i.e. which interfaces do not have, for example, any network addresses such as a MAC or a DLC address. The reference numeral 30 designates the usual, worldwide IP backbone network. As partly mentioned, the communication can take place via the mobile radio network 23, for example by means of special short messages, e.g. SMS (Short Message Services), EMS (Enhanced Message Services), over a signaling channel such as e.g. USSD (Unstructured Supplementary Services Data) or other technologies such as MExE (Mobile Execution Environment), GPRS (Generalized Packet Radio Service), WAP (Wireless Application Protocol) or UMTS (Universal Mobile Telecommunications System) or over a service channel. At the level of the mobile node 10, the method and system according to the invention is based on three main layers or respectively main modules 131 to 133 which are designated jointly as mobile module by the reference numeral 13 in FIG. 1. The layers 131 to 133 can be achieved together or separately, it being possible to achieve them accordingly through software and/or hardware. The first layer comprises a mobile IP module 131 and/or an IPsec module 132. The main task of mobile IP consists in authenticating the mobile node 10 in the network and of redirecting the IP packets having the mobile node 10 as destination address correspondingly. The mobile IP capabilities 131 can preferably be combined with the security mechanisms of an IPsec (IP security protocol) module 132 in order to ensure secure mobile data management in the public Internet 30. As an embodiment variant, the modules of mobile IP 131 and of IPsec 132 can also be implemented jointly in a single SecMIP module 131/132 (Secure Mobile IP module), as is shown in FIG. 1. The way of functioning of the mobile IP module and of the IPsec module will be described in more detail further below. The SecMIP module administers the data tunnels of mobile IP 131 and IPsec 132 in order to facilitate a useful collaboration between a layer situated above, e.g. a TCP module 12 or respectively IP applications 11 running on the mobile node 10, and a layer 134 lying beneath.

In particular, the SecMIP module checks and coordinates the temporal sequence of operations of the mobile IP module 131 and of the IPsec module 132. For mobile IP, as for IP, which network standard or network type is used for the network link does not matter as long as the Internet protocol is supported. Thus, in principle, it allows the mobile node 10 to move in heterogeneous networks 21-24.

With mobile IP, a home agent dynamically assigns a temporary care-of address to a static home address if the corresponding mobile node 10 is moved in the heterogeneous networks. As mentioned, the dynamic care-of address indicates the topologically current network location of the mobile node whereas the home address designates the location in the home network. In other words, the current location of the assigned mobile node 10 is thus always registered with the home agent. At the same time the home agent redirects the IP data packets having the IP home address of the mobile node as destination address to the care-of address of the mobile node so that the home agent functions like a relay station to the mobile node 10. Mobile IP achieves these functions building upon the normal IP (Internet Protocol). This is to be described more closely in the following: In IP, data packets are directed (routed) from a starting address (source address) of a network interface via various routers in the network to a target address (destination address) of a network interface. The data packets can thereby be taken apart by the individual routers (e.g. in order to be able to overcome heterogeneous network structures), routed to the destination address via different paths, held back, or even rejected. The great flexibility of IP is founded on these basic functions. The routers pass on the data packets based on routing tables, which typically contain the next hop information, i.e. information about which is (are) the next router(s) to head for based on the reference numbers of the networks in the destination address. The reference numbers of the networks can be learned from the low order bits of the IP address in the IP header of the data packet. The destination address in the data packets thus specifies the precise location of the destination network interface in the network. In order to be able to maintain the existing IP transport structure, the same IP address must be able to be kept in the mobile node 10. If, as mentioned, the TCP (Transport Control Protocol) is used in addition to the IP (which is the case in the vast majority of IP links), the connections are further designated by a number quadruplet containing indications about the IP address and port number as well as the start address and the destination address. If one of these four numbers is changed, this causes an interruption of the IP connection. With mobile network use, however, the correct routing of the data packets depends upon the momentary location of the mobile node 10 in the network 21-24 and 30. To change the routing, the IP address of the momentary location can be assigned to the data packets, and, to be more precise, in such a way that the TCP functions are also not disturbed. In mobile IP, these problems are resolved through the assignment of the described two IP addresses, the home address and the care-of address. The home address is static, and indicates the home location of the mobile node 10. It is also used e.g. to flag the TCP connection. The care-of address changes with each new location of the mobile node 10 in the network. It is the topologically significant address of the mobile node 10 with respect to the network topology. On the basis of the home address, the mobile node 10 is able to receive data in a continuously accessible way at the location of its home address in the home network. At the home address the mobile node 10 needs a further network node, however, which is typically designated as the home agent. If the mobile node 10 is not itself located in the home network, the home agent collects the data packets having the mobile node 10 as the destination address and redirects them to the current address of the mobile node 10. Wherever the mobile node is located, a mobile IP module of the mobile node 10 will immediately register with the home agent, upon use, the new or respectively current address of the mobile node 10. During redirecting of the data packets by the home agent, it will be necessary for the destination address of the data packets that corresponded to the home address to be replaced by the momentary care-of address and the data packets to be forwarded. When the data packets have arrived at the mobile node, the reverse transaction takes place in that the destination address, then corresponding to the care-of address, is replaced by the home address. This way the arriving data packets in the mobile node 10 can be further processed through the Transfer Control Protocol (TCP), or another super-ordinate protocol, without error message. For redirecting the data packets from the home address to the care-of address, the home agent constructs a new IP header for the corresponding data packet, which, as mentioned, comprises as the destination address the care-of address instead of the home address. The new IP header surrounds the original data packet as a whole, whereby the old destination address has no effect on the further routing anymore until the data packet has arrived at the mobile node. Such an encapsulation is also referred to as tunneling of data, which describes how the data are tunneled through the Internet by circumventing the effect of the original IP header. Mobile IP thus comprises as essential functions determination of the momentary IP address (care-of address) of the mobile node 10, registration of the care-of address with the home agent and tunneling of the data packets having the home address as the destination address to the care-of address. For further mobile IP specifications, also see e.g. IETF (Internet Engineering Task Force) RFC 2002, IEEE Comm. Vol. 35, No. 5, 1997, etc. Mobile IP supports in particular IPv6 and IPv4.
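The tunneling step described above, written out as an added example that is not part of the patent text: a home agent wraps the original IPv4 packet in a new header addressed to the care-of address, and the mobile node checks and strips that header so the inner packet reaches TCP unchanged. The class and function names, the documentation-range addresses and the use of IPv4-in-IPv4 (protocol number 4) as the encapsulation are assumptions made for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4   # IPv4 encapsulated in IPv4 (assumed tunnel type)
IPPROTO_TCP = 6
_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options


def checksum(header: bytes) -> int:
    """Internet checksum (one's complement sum of 16-bit words)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 packet with a valid header checksum."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(_HDR, *fields))
    return struct.pack(_HDR, *fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Parse and validate an IPv4 header; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("bad version or length")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "payload": packet[ihl:total_len]}


class HomeAgent:
    """Hypothetical home agent: keeps home address -> care-of address bindings."""

    def __init__(self, address: str):
        self.address = address
        self.bindings = {}

    def register(self, home_address: str, care_of_address: str) -> None:
        self.bindings[home_address] = care_of_address

    def forward(self, packet: bytes) -> bytes:
        """Tunnel packets for registered nodes; pass everything else unchanged."""
        care_of = self.bindings.get(parse_ipv4(packet)["dst"])
        if care_of is None:
            return packet            # node is in its home network
        # New outer header surrounds the original packet as a whole.
        return build_ipv4(self.address, care_of, IPPROTO_IPIP, packet)


def decapsulate(packet: bytes, care_of: str, home_address: str, home_agent: str) -> bytes:
    """Mobile-node side: accept only the expected tunnel, return the inner packet.

    Address checks are consistency checks, not authentication; the page
    pairs mobile IP with IPsec for that purpose.
    """
    outer = parse_ipv4(packet)
    if outer["proto"] != IPPROTO_IPIP or outer["dst"] != care_of:
        raise ValueError("not a tunnel packet for this care-of address")
    if outer["src"] != home_agent:
        raise ValueError("tunnel packet not from the registered home agent")
    inner = parse_ipv4(outer["payload"])
    if inner["dst"] != home_address:
        raise ValueError("inner destination is not the home address")
    return outer["payload"]


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    agent = HomeAgent("192.0.2.1")
    agent.register("192.0.2.10", "198.51.100.25")
    original = build_ipv4("203.0.113.7", "192.0.2.10", IPPROTO_TCP, b"tcp segment")
    tunneled = agent.forward(original)
    print(parse_ipv4(tunneled)["dst"], len(tunneled) - len(original))
    print(decapsulate(tunneled, "198.51.100.25", "192.0.2.10", "192.0.2.1") == original)
```

Because the inner packet is returned byte for byte, the source and destination addresses seen by TCP stay those of the home address, which is why the connection quadruplet survives a change of care-of address.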

IPsec (IP security protocol) generates packet-wise or socket-wise authentication/confidentiality mechanisms between network nodes which both use IPsec. IPsec consists of different, separate protocols with corresponding control mechanisms. IPsec comprises an authentication header (AH), an Encapsulating Security Payload (ESP), an IP payload compression (IPcomp) as well as an Internet Key Exchange (IKE). By means of the AH, IPsec generates an authentication guarantee for the data packets in that the data packets are assigned an extremely encrypted data check sum. With the AH, the authenticity of the sender can be verified, and at the same time it can be checked whether the data packet has been modified in the meantime by an unauthorized third party. The ESP encryption guarantees furthermore the confidentiality of the data in that the data packets are encrypted with a key. This guarantee exists of course only if the key has not been made accessible to third parties. As described above, AH as well as ESP require keys which are known to both participating network nodes. IKE is ultimately a mechanism for agreeing upon such secret keys between two accounts without the keys becoming known to third parties. The IKE mechanisms form an optional part of the IPsec since they can also be determined manually for AH and ESP. One of the flexible features of IPsec consists in particular in that configuration can be packet-wise as well as for individual sockets. IPsec supports IPvx, in particular IPv6 and IPv4. For more detailed IPsec specifications, see e.g. Loshin, Pete, IP Security Architecture, Morgan Kaufmann Publishers, November 1999, or James, S., A Technical Guide to IPsec, CRC Press, LLC, December 2000, among other works. Although IPsec has been described in this embodiment example as an example for the application of security protocols according to the present invention, all possible other security protocols or mechanisms or even the omission of security protocols are conceivable according to the invention.

The physical network interfaces 14-17 are administered through an interface administration module 134, which represents the third of the said layers. The virtual IP network interface 133 (designated as the virtual L2/L3 layers in FIGS. 7 to 9) can be generated, for instance, by the interface administration module 134 through software. It is achieved as the buffer between the first layer 131/132, i.e. the SecMIP module, and the third layer 134, i.e. the interface administration module. The virtual network interface 133 generates, on the one hand, vis-à-vis the IP applications 11 or respectively the TCP layer 12, a permanent IP network interface, and is attached, on the other hand, via the interface administration module 134, to the current physical interface of the mobile node 10 with the current care-of address. The interface administration module 134 checks the mobile node 10 for available physical network interfaces 14-17, draws up a lookup table thereby with the available and configurable physical network interfaces 14-17, and links itself to one of the available physical network interfaces 14-17. The checking of the physical network interfaces 14-17 can take place e.g. periodically, i.e. after expiration of a determinable time slot, can be configurable manually or upon request from one of the layers shown in FIG. 1 or from the kernel of the mobile node 10. The checking can be performed by an appropriate software and/or hardware unit and/or module. The lookup table can comprise in particular information such as possible data throughputs, network availability, network stability, costs of network utilization, etc. The lookup table can be drawn up by an appropriate software and/or hardware unit and/or module. The connection to a particular physical interface 14-17 can take place with reference to determinable criteria based on information stored in the lookup table. In particular, it can make sense for the interface administration module 134 to change and update automatically the physical interface 14-17 based on information from the lookup table. The connection to a particular physical interface 14-17 can also be determinable by the user, for example, and/or take place manually. As mentioned, during any desired change or during interruptions, i.e. time when no physical interface 14-17 at all is available, e.g. during an interim removal of the network card from the mobile node 10, the virtual IP network interface remains as the permanently available IP interface. The available physical network interfaces can be configured dynamically, e.g. by means of a DHCP service (DHCP: Dynamic Host Configuration Protocol), if such means are available, or statically, e.g. by the user or based on pre-given configuration profiles. Via the thus generated permanent virtual IP interface, one or more IP applications 11 of the mobile node 10 can now access the heterogeneous networks 21-24. If the mobile node 10 changes the physical network interface 14-17 or its topological location in the network, the connection to the physical network interface can be updated via the interface administration module 134 based on information from the lookup table without anything having to change for the mobile IP module 131 since the virtual IP interface 131 is not affected by the change. The IPsec module 132 thereby updates the IPsec data tunnel configuration according to the current network connection, after which the mobile IP module 131 registers the new care-of address with the home agent so that the routing of the data packets to the new location of the mobile host takes place, and updates the IP configuration if necessary at the home agent according to the momentary physical network interface. The sequence stated above is according to the invention, but it can also take place in reverse order.

It remains to be mentioned that, in an extended embodiment example of that described above, outgoing IP data packets are able to be buffered in a data buffer 1331 of the mobile node 10 if the network connection of the mobile node 10 is interrupted, so that the output data rate of the one or more IP applications 11 can be maintained by means of the data buffer 1331 for a particular buffer time or within a particular fluctuation tolerance, i.e. as long as the storage capacity of the data buffer 1331 suffices for storing the data packets. Therefore if the interruption of the network link lies within the time slot for a connection timeout provided for in the TCP, for instance, the output data rate for the IP applications 11 can be maintained such that no automatic deceleration of the output rate through the IP applications takes place. The storing of the data packets can occur continuously at the same rate, for example, or can slow down steadily based on the duration of the interruption. It is to be pointed out that the data buffer 1331 can play an important role, particularly with real-time applications, in minimizing interruptions and data loss during a change of the topological network location. In an embodiment example, the data buffer 1331 can be achieved assigned to the virtual network interface 131 or integrated, through hardware or software; it can also be achieved separately in the mobile IP node, however.
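
The behaviour of the interface administration module 134, the permanent virtual interface 133 and the data buffer 1331 described in the two preceding paragraphs, as an added Python example that is not part of the patent text. The class names, the selection criterion (highest throughput, then lowest cost), the drop-oldest buffer policy and the addresses are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Nic:                          # one row of the lookup table
    name: str
    available: bool
    throughput_mbps: float
    cost: float                     # relative cost of using the network
    care_of: str = ""               # empty: not configured (no DHCP lease or profile)

class VirtualInterface:             # permanent; outlives every physical interface
    def __init__(self, home_addr, buffer_packets=4):
        self.home_addr, self.link, self.bound = home_addr, None, None
        self.buffer = deque(maxlen=buffer_packets)  # when full, oldest is dropped
        self.sent, self.events = [], []

    def send(self, packet):
        if self.link is None:       # interruption: queue instead of failing
            self.buffer.append(packet)
            return False
        self.sent.append((self.link.name, packet))
        return True

class InterfaceAdmin:
    def __init__(self, vif):
        self.vif, self.table = vif, {}

    def check(self, nics):
        """Rebuild the lookup table, pick the best entry, relink on any change."""
        self.table = {n.name: n for n in nics if n.available and n.care_of}
        best = max(self.table.values(), default=None,
                   key=lambda n: (n.throughput_mbps, -n.cost))
        new = (best.name, best.care_of) if best else None
        if new != self.vif.bound:   # new interface or new care-of address
            self._relink(best, new)
        return best

    def _relink(self, nic, new):
        self.vif.link, self.vif.bound = nic, new
        if nic is None:
            self.vif.events.append("no physical interface; virtual interface kept")
            return
        # Order given in the text: IPsec tunnel update, then Mobile IP registration.
        self.vif.events += [f"ipsec: tunnel endpoint -> {nic.care_of}",
                            f"mobile-ip: register care-of {nic.care_of}"]
        while self.vif.buffer:      # drain what was queued during the outage
            self.vif.send(self.vif.buffer.popleft())

def handover_demo():                # constructed scenario, one packet per step
    eth = Nic("eth0", True, 100.0, 0.0, "198.51.100.23")
    wlan = Nic("wlan0", True, 54.0, 0.0, "203.0.113.40")
    vif = VirtualInterface("192.0.2.10")
    admin = InterfaceAdmin(vif)
    # wired and WLAN, WLAN only, no link at all, wired again
    steps = [(True, True), (False, True), (False, False), (True, False)]
    for i, (eth_up, wlan_up) in enumerate(steps, 1):
        eth.available, wlan.available = eth_up, wlan_up
        admin.check([eth, wlan])
        vif.send(b"p%d" % i)
    return vif
```

In the constructed run the third packet is queued while no interface is present and leaves over eth0 once the link returns, with the application-facing interface unchanged throughout.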

FIGS. 2 and 3 show normal mobile IP without the method according to the invention or the system according to the invention. In FIG. 1, the mobile node is located in the home network 71. The reference numerals 72 to 74 each designate different topological network locations. These can also be heterogeneous networks. For example, the home network 71 can be an Ethernet-LAN-link, 72 a WLAN (Wireless Local Area Network) link, etc. Outgoing data packets have as the destination address the IP address of the destination node in the network 30. Mobile IP is not necessary, and no mobile IP tunneling 50 takes place. The IP interface 40 of the mobile node sees the received data packets 80 without their having been modified, i.e. the source address 82 indicates the IP address of the sender and the destination address 83 indicates the home IP address of the mobile node. With respect to their IP header, the sent data packets 80 have reverse-order IP address sequences. The reference numeral 81 designates the co-transmitted data without IP header. In FIG. 3 the mobile node is not located in the home network 71, but instead at a topologically different network location, for instance in the WLAN 72. In the case of the sent data packets 80, the source address 84 now indicates the IP address of the topologically current network location, while the destination address 85 indicates the IP address of the corresponding destination node. In the case of the received IP data packets, the reverse-order new IP header is assigned by the home agent to the data packets 80, whereby the old header with the old address 82/83 is located encapsulated underneath. The reference numeral 81 here, too, designates the co-transmitted data without IP headers. In the sent and received data packets 80, the source addresses 82/84 and the destination addresses 83/85 are correspondingly interchanged.

FIGS. 4 and 5 show mobile IP with the method according to the invention or the system according to the invention, i.e. with the inventive virtual IP interface 60. The reference numerals having the same digits in FIGS. 4 and 5 designate the same objects as in FIGS. 2 and 3, and are thus not further described here. If the mobile node is located in the home network 71 (see FIG. 4), then the virtual IP interface 60 takes over the home address of the mobile node, and the home agent has nothing more to do, i.e. mobile IP is not necessary and mobile IP tunneling does not take place. The virtual IP network interface 60 of the mobile node sees the received data packets 80 without their having been modified, i.e. the source address 82 indicates the IP address of the corresponding node, and destination address 83 indicates the home IP address of the mobile node. In the case of the sent data packets 80, the destination address 83 indicates the IP address of the corresponding destination node in the network, while the source address 82 indicates the IP address of the virtual IP network interface, which corresponds to the home IP address of the mobile node. The reference numeral 81 designates the co-transmitted data without IP header. In FIG. 5, the mobile node is not located in the home network, and the data packets contain in the IP header the topologically current IP address 71 as the source or respectively destination address 84/85, depending upon whether they are sent or received. The virtual IP network interface 133 according to the invention therefore takes over in each case the IP address of the momentarily current physical interface 14-17, whereby the mobile IP module 131 takes over the management of the IP addresses of the IP header of the data packet 80 and the generation of the data tunnel (if necessary) in the conventional way. At the same time the virtual IP network interface 133 ensures the permanent presence of an interface vis-à-vis the IP applications.

It is important to state that the virtual IP interface, as an embodiment variant, can be connected not only to one physical interface but to a plurality of physical interfaces at the same time. Thus it is then possible for the mobile node 10 to receive simultaneously the same data packet via two physical interfaces, for example. Redundant IP data packets are automatically recognized in higher IP layers, and are reduced accordingly. Through the simultaneous sending of IP data packets and the parallel receiving of the same IP data packets by two physical interfaces, the seamless transition from one physical interface to another by the mobile node 10 can be ensured. In this method a mobile node 10 is assigned at least two care-of addresses corresponding to the physical interfaces momentarily connected to the virtual IP interface. If more than two physical interfaces are connected at the same time, the number of assigned care-of addresses increases correspondingly. The home agent routes the IP data packets having the home address of the mobile node 10 in the IP header according to the previously described multiple registration in parallel to the different registered care-of addresses, i.e. to different physical interfaces of the mobile node 10.

FIG. 6 shows a solution of the state of the art such as is shown in the patent publication EP 1 089 495, for example. A so-called Network Access Arbitrator (NAA) thereby sees to it that the different MAC addresses (L2 Addr (IEEE 802) 2D:5F:9A:0E:43:1D, L2 Addr (IEEE 802) 46:3A:1E:67:9A:2B, L2 Addr (IEEE 802) A3:C9:12:4E:8F:43) of the individual available physical network interfaces (L1 (physical) wired, L1 (physical) wireless, L1 (physical) radio) are redirected via a single fixed MAC address (L2 Addr (IEEE 802) 2D:5F:9A:0E:43:1D). This first MAC address is the address of the so-called primary NIC, while all other physical interfaces are each secondary NICs. The NAA connects the L2 layer of the accessible NICs in that it redirects the data packets from the primary NIC to the corresponding MAC address of a further network interface (secondary NIC). No virtual interface is thereby generated, however, but instead the NAA redirects the MAC address via the MAC address of the primary NIC to that of a secondary NIC. The NAA thereby acts as the virtual adapter driver. Thus the outgoing data packets are redirected to the current interface, while incoming data packets are transmitted directly to the IP layer. No virtual network interface is generated therefore with the NAA, but instead the NAA simply redirects the data packets. As is seen clearly in FIG. 6, the NAA needs at least one physical interface with a MAC address, namely the primary NIC, in order to function. If the primary NIC is removed, the IP applications lose their connection to the layer L2 since the NAA is redirecting via the primary NIC.

FIGS. 7, 8 and 9 each show a block diagram reproducing schematically a solution according to the invention by means of a virtual IP layer or respectively IP device, and make clear the difference to the state of the art according to FIG. 6. In contrast to the state of the art from FIG. 6, a genuine virtual interface 133 is generated. The interface administration module 134 (not shown in FIGS. 7 to 9) links the respective physical interface 14-17 to the virtual interface 133, while the IP applications access the virtual IP interface 133 via the IP layer. The virtual IP interface 133 is permanently maintained by the interface administration module 134, independently of whether a physical network interface 14-17 is accessible at all. The running IP applications thus always find the IP interface 133 there, no interruption occurring during a change of interface. It clearly follows from FIGS. 7 to 9 that in the present invention more than just a mere rerouting of data packets is involved, and instead a genuine virtual IP interface 133 is generated. In particular the accessing of a higher level of abstraction, i.e. of layer, has in addition the advantage that one is independent of standards, such as hardware address, for example.

1. A computer-readable medium including computer program instructions which cause a computer to execute a method of assigning IP addresses to mobile IP nodes in heterogeneous networks in which a home agent dynamically assigns a temporary IP care-of address to a static IP home address when a mobile node is moved in the heterogeneous networks, the dynamic care-of address indicating the topologically current network location of the mobile node and IP data packets having the IP home address of the mobile node as a destination address being redirected to the care-of address of the mobile node, said method comprising: checking the mobile node for available configurable physical network interfaces, generating a lookup table with the available and configurable physical network interfaces, linking an interface administration module to one of the available configurable physical network interfaces, accessing the heterogeneous networks via a permanent virtual IP network interface generated in the mobile node, the generated permanent virtual IP network interface being linked to the topologically current network indicated by the dynamic care-of address, and including a generated virtual L3 layer and a generated virtual L2 layer, and updating, during a change of the physical network interface of the mobile node, the link of the permanent virtual IP network interface to the network based on the lookup table.

2. The computer-readable medium according to claim 1, wherein the checking step is completed periodically.

3. The computer-readable medium according to claim 1, wherein the updating step is completed automatically.

4. The computer-readable medium according to claim 3, wherein criteria for the automatic updating of the physical interface is determined by a user.

5. The computer-readable medium according to claim 1, further comprising instructions which cause the computer to execute a method comprising: buffering outgoing IP data packets when the network link of the mobile node is interrupted, so that the output data rate of the one or more IP applications is maintained or is kept within a particular fluctuation tolerance.

6. The computer-readable medium according to claim 3, further comprising instructions which cause the computer to execute a method comprising: buffering outgoing IP data packets when the network link of the mobile node is interrupted, so that the output data rate of the one or more IP applications is maintained or is kept within a particular fluctuation tolerance.